PSA: Turn off USB debugging on your Android device when you’re not using it

Those of us who have rooted Android devices, or who regularly tether with programs like PdaNet, or who do lots of stuff with ADB – and I’m guessing that most of us fall into one or all of these categories – probably don’t think twice about USB debugging. It’s an option that most power users require quite a bit, and it’s one of those things that we tend to turn on and forget about.

Not so fast: developers over at XDA have figured out how to crack the Android pattern lock screen if USB debugging in enabled with just a few lines of ADB – no root required. That means if you use a pattern lock, and you haven’t turned off USB debugging, your phone is susceptible to hacking if you ever lose it and it falls into the wrong hands.

So far, I haven’t seen similar hacks for devices that are locked with PINs, passwords, or faces, but odds are that similar cracks could be developed soon. Or, it’s also possible that these cracks have already been developed, but the hackers just haven’t been nice enough to warn other people yet.

In any case, going forward, it would be very wise to uncheck USB debugging when you’re not using it, if you haven’t already. (You can usually find this in Developer options in your settings menu – I pulled the image above from my ASUS Eee Pad Transformer Infinity.) With our phones storing so much personal information about us – including phone numbers, pictures, browsing histories, and even credit cards – you can never be too safe.

Full hacking instructions can be found at the link below, but just keep in mind: we’re not posting this link as an encouragement to actually go out and do this, but rather as a way to spread the word about keeping your personal information safe from prying eyes.

About the Author

John Freml is the editor-in-chief at Pocketables. His articles generally focus on all things Google, including Chrome and Android, although his love of new gadgets and technology doesn't stop there. His current arsenal includes the Nexus 6 by Motorola, the 2013 Nexus 7 by ASUS, the Nexus 9 by HTC, the LG G Watch, and the Chromebook Pixel, among others.

And this would have been a very small threat if media wouldn’t make it known to everyone with a link on how to do it

Slacker

I guess you think guns kill people too.

goober999

If the dude in colorado had walked in with 2 knives instead of guns it would have had a much different ending.

erik johnson

huh, are we also going to ban every component he used to make the bombs in his apartment? Bottom line, crazy people will find a way and there is nothing we can do about it.

Hwyman

Yes…you could hide your head in the sand and hope that security through obscurity works (it does not) or you could come to a site like this to educate yourself and take pro-active steps to improve the functionality and security of your Evo. USB debug is now off on my phone. Thanks for the article!

Paul E King

The threat exists whether or not the media reports on it. The bomb doesn’t become more explosive because a lot of people know to avoid it.

Here’s the thing – if someone has plans to hack a stolen or lost cell phone, all they have to do is google how to do it. I doubt someone’s going to see this, or any other piece, and think “hey, now I have a wider variety of cell phones I can steal”.

There are a limited number of people who turn USB debugging on, at least in the HTC world. If you’re rooted and use ADB much, it’s probably always on. Nobody ever tells you to shut it off as it could be a security risk.

Well, now someone’s saying “hey, if you’re concerned that your phone could be pin-unlocked without your consent, uncheck this box”

Security through obscurity is a form of security, but if someone was using a search engine, such as Google, that security is gone. The hacking tools are well known by the people who hack these things and now the one-checkbox method to protect yourself is known.